Patent 
252/229 



CLAIMS 



What is claimed is: 

1. A method for enhancing network throughput between an internal network and an external
network to which one or more servers are connected, comprising the steps of:

providing a firewall between the internal network and the external network;

opening a plurality of TCP connections between said firewall and one or more of the
servers, each said TCP connection having a TCP control block;

creating a common TCP control block for a group of TCP connections through said
firewall to the same server; and

placing connection state data shared by each said TCP connection into said common TCP
control block, wherein each individual said TCP control block includes a pointer to the CCB for
said shared connection state data.

2. The method of claim 1, further comprising the steps of connecting said firewall to one or
more additional firewalls with an internal network, and sharing said common TCP control block
with one or more of said additional firewalls connected to said firewall.

3. The method of claim 2, wherein said sharing step is performed by pushing said common
TCP control block from one of said firewalls to one or more of said additional firewalls.

4. The method of claim 3, wherein said pushing takes place at periodic intervals.

5. The method of claim 3, wherein one of said firewalls initiates said pushing after opening
a new TCP connection.

6. The method of claim 2, wherein said sharing step is performed by pulling said common
TCP control block to one firewall from one or more of said other firewalls.

7. The method of claim 6, wherein said pulling takes place at periodic intervals.

8. The method of claim 6, wherein one of said firewalls initiates said pulling before said
firewall attempts to open a new TCP connection.

9. The method of claim 2, further comprising the step of storing said one or more common
TCP control blocks received from one or more of said other firewalls.

10. The method of claim a further comprising the step of adjusting the connection rate and
data throughput through one said firewall based on the connection rate and data throughput
through said one or more other firewalls, as determined from said one or more common TCP
control blocks received from said one or more other firewalls.

11. The method of claim 2, further comprising the step of providing a single physical point of
contact between the internal network and the external network.

12. The method of claim 2, further comprising the step of adjusting the connection rate and
data throughput of one or more said TCP connections through one said firewall based on the
connection rate and data throughput of one or more said other firewalls, as determined from said
common TCP control blocks.

13. The method of claim 2, further comprising the step of deleting one of said common TCP
control blocks associated with an individual firewall a substantially fixed period of time after
said common TCP control block was created.

14. The method of claim 2, further comprising the step of deleting one of said common TCP
control blocks associated with an individual firewall a substantially fixed period of time after
said common TCP control block was received from another said firewall.

15. The method of claim 1, further comprising the step of deleting one of said common TCP
control blocks from one of said firewalls if said common TCP control block has not been used by
said one of said firewalls for a substantially fixed period of time.

16. The method of claim 15, wherein said period of time is substantially equivalent to the
TCP maximum segment lifetime.

17. The method of claim 1, wherein said firewall is a proxy server.

18. The method of claim 1, further comprising the step of adjusting the connection rate and
data throughput of one said TCP connection through said firewall based on the connection rate
and data throughput of said other TCP connections, as determined from said common TCP
control blocks.

19. The method of claim 1, wherein said common TCP control block created for said firewall
is stored in said firewall.



20. A method for enhancing network throughput between an internal network and an external
network to which one or more servers are connected, comprising the steps of:

connecting two or more firewalls to the internal network, wherein said firewalls are proxy
servers;

connecting the internal network and the external network through said one or more
firewalls;

opening a plurality of TCP connections between said firewall and one or more of the
servers, each said TCP connection having a TCP control block;

creating a common TCP control block for a group of TCP connections through said
firewalls to the same server;

placing connection state data shared by each said TCP connection into said common TCP
control block, wherein each individual said TCP control block includes a pointer to the CCB for
said shared connection state data;

sharing said common TCP control blocks among said firewalls;

storing said common TCP control blocks received from said one or more other firewalls
in said receiving firewall;

adjusting the connection rate and data throughput of each said firewall based on the
connection rate and data throughput of said one or more other firewalls, as determined from said
one or more common TCP control blocks received from said one or more other firewalls; and

deleting one of said common TCP control blocks from one of said firewalls if said
common TCP control block has not been used by said one of said firewalls for a period of time
substantially equivalent to the TCP maximum segment lifetime.

21. A method for enhancing network throughput between an internal network and an external
network to which a server is connected, comprising the steps of:

connecting two or more firewalls to the internal network;

determining whether a common TCP control block exists for a TCP connection between
one of said firewalls and the server, and creating one if one does not exist;

sending a TCP connection request to the server from one of said firewalls; and

updating said common TCP control block based on the response from the server to said
TCP connection request.

22. The method of claim 21, further comprising the steps of establishing a connection
between said firewall and said server, and updating said common TCP control block with
connection state data during said connection.

23. The method of claim 22, further comprising the steps of shutting down said connection,
and updating said common TCP control block based on the type of shutdown performed.

24. The method of claim 21, further comprising the step of sharing said common TCP control
block with one or more of said other firewalls.

25. A method for enhancing network throughput between an internal network and an external
network to which a server is connected, comprising the steps of:

connecting two or more firewalls to the internal network;

receiving a TCP connection request from the server to one of said firewalls;

determining whether a common TCP control block exists for a TCP connection between
said receiving firewall and said server, and creating one if one does not exist; and

updating said common TCP control block based on the TCP connection request from the
server.

26. The method of claim 25, further comprising the steps of transmitting an
acknowledgement and a request for connection to the server, and updating said common TCP
control block with the resulting connection state data.

27. The method of claim 26, further comprising the steps of establishing a connection
between said firewall and the server and updating said common TCP control block during said
connection with connection state data.

28. The method of claim 27, further comprising the steps of shutting down said connection,
and updating said common TCP control block based on the type of shutdown performed.




29. The method of claim 25, further comprising the step of sharing said common TCP control
block with one or more of said other firewalls.



30. A system for enhancing throughput between an internal network and an external network
to which a server is connected, comprising a firewall between the internal network and the
external network, said firewall comprising one or more common TCP control blocks each
containing connection state data shared by a plurality of TCP connections between said firewall
and the server.

31. The system of claim 30, further comprising one or more additional firewalls connected to
the internal network, said firewalls adapted to share common TCP control blocks among one
another.

32. The network system of claim 31, wherein said internal network is physically connected to
said external network at a single point.
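
The data structure recited in claims 1, 15, 16 and 21, sketched in C as an added illustration that is not part of the patent text: each per-connection TCB points at one common control block (CCB) per server, the CCB is created on first use, and it is deleted once idle for one maximum segment lifetime. The field names, the table size and the 120-second MSL (the RFC 793 value) are assumptions; the claims do not say which state is shared.

```c
#include <stdint.h>
#include <string.h>

#define MSL_SECONDS 120  /* assumed: RFC 793 MSL; the claims give no number */
#define MAX_CCB 8        /* assumed table size for the sketch */

/* Common control block: state shared by all connections to one server. */
struct ccb {
    uint32_t server_ip;  /* key: the server this group of connections uses */
    uint32_t srtt_ms;    /* assumed shared field: smoothed round-trip time */
    uint32_t cwnd;       /* assumed shared field: congestion window */
    long     last_used;  /* seconds, set whenever the CCB is looked up */
    int      in_use;
};

/* Per-connection control block: private state plus a pointer to the CCB. */
struct tcb {
    uint16_t local_port;
    struct ccb *shared;
};

static struct ccb table[MAX_CCB];

/* Claim 21: find the CCB for a server, creating one if none exists. */
struct ccb *ccb_get(uint32_t server_ip, long now) {
    struct ccb *free_slot = NULL;
    for (int i = 0; i < MAX_CCB; i++) {
        if (table[i].in_use && table[i].server_ip == server_ip) {
            table[i].last_used = now;
            return &table[i];
        }
        if (!table[i].in_use && !free_slot) free_slot = &table[i];
    }
    if (!free_slot) return NULL;             /* table full */
    memset(free_slot, 0, sizeof *free_slot); /* no state leaks from old entry */
    free_slot->server_ip = server_ip;
    free_slot->last_used = now;
    free_slot->in_use = 1;
    return free_slot;
}

/* Claims 15-16: delete CCBs unused for one MSL; returns the number removed.
 * Callers must have released every TCB that still points at an expired CCB. */
int ccb_expire(long now) {
    int removed = 0;
    for (int i = 0; i < MAX_CCB; i++)
        if (table[i].in_use && now - table[i].last_used >= MSL_SECONDS) {
            table[i].in_use = 0;
            removed++;
        }
    return removed;
}
```

Because every connection to a server reads and writes the same CCB, a value recorded by one connection is visible to all the others until the entry expires, which is why the idle timeout and the zeroing of reused slots matter.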